I seem to have hit a wall writing custom claims to Azure Active Directory (AAD). I am trying to write the organization to AAD, but when I query the user through the Graph API I don't see any trace of the organization data. I'm wondering whether there is something wrong with the way I am trying to write the data, or whether there is a technical detail I'm not aware of that causes this?
Here is the custom claim I want to save to AAD.
<ClaimType Id="extension_organization">
  <DisplayName>Organization Name</DisplayName>
  <DataType>string</DataType>
  <UserHelpText>Name of admin's organization.</UserHelpText>
  <UserInputType>TextBox</UserInputType>
</ClaimType>
Here is where I write the claim (this is almost exactly what you see in the samples):
<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
  <Metadata>
    <Item Key="Operation">Write</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" />
  </InputClaims>
  <PersistedClaims>
    <!-- Required claims -->
    <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
    <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
    <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
    <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />
    <!-- Optional claims. -->
    <PersistedClaim ClaimTypeReferenceId="givenName" />
    <PersistedClaim ClaimTypeReferenceId="surname" />
    <PersistedClaim ClaimTypeReferenceId="extension_organization" />
  </PersistedClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
Interestingly, even the email doesn't seem to be visible.
Answer 0: (score: 1)
When querying the Graph API for custom/extension attributes, you need to make sure you use the following syntax in the select for the extension attribute:
extension_{b2cExtensionsAppId}_organization
where {b2cExtensionsAppId} is the application/client ID of the auto-generated application in the B2C tenant:
b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.
Edit - remove the dashes (-) from the extension application/client ID:
79af1ae0-cacb-401a-9a42-1f2178adc0ef
becomes
79af1ae0cacb401a9a421f2178adc0ef
Example:
b2c_79af1ae0cacb401a9a421f2178adc0ef_organization
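The following is an added example, not code from the question or the answer above. It shows the naming rule the answer describes in runnable form: the policy claim `extension_organization` is stored by Graph under `extension_<b2c-extensions-app client ID without dashes>_organization`, so the `$select` parameter has to use that long name. The client ID is the one quoted in the answer; the user object, its object ID and the email address are constructed sample data. It also reads the local-account email from the `identities` collection, which is where Microsoft Graph exposes B2C sign-in names (the `signInNames.emailAddress` name in the policy is the Azure AD Graph spelling, not a Microsoft Graph property).

```python
"""Build the Graph property name for an Azure AD B2C custom attribute and read it back.

Added example (not part of the original post). Assumptions:
- The b2c-extensions-app client ID is the one quoted in the answer.
- SAMPLE_USER is a constructed Microsoft Graph /users/{id} response, not real data.
"""
import re
from typing import Iterable, Optional

# Client ID of the auto-generated "b2c-extensions-app" (from the answer above).
B2C_EXTENSIONS_APP_ID = "79af1ae0-cacb-401a-9a42-1f2178adc0ef"

GUID_RE = re.compile(
    r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
)


def extension_attribute_name(extensions_app_id: str, attribute: str) -> str:
    """Map a policy claim such as 'extension_organization' to its Graph property name.

    Graph stores custom attributes as 'extension_<appid-without-dashes>_<name>'.
    The ID is validated as a dashed GUID so an already-stripped or mistyped ID
    is rejected instead of silently producing a property Graph will never return.
    """
    if not GUID_RE.match(extensions_app_id):
        raise ValueError(f"expected a dashed GUID for the extensions app ID, got {extensions_app_id!r}")
    # Accept either the policy spelling (extension_organization) or the bare name.
    name = attribute[len("extension_"):] if attribute.startswith("extension_") else attribute
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        raise ValueError(f"custom attribute names must be alphanumeric, got {name!r}")
    return f"extension_{extensions_app_id.replace('-', '')}_{name}"


def graph_user_url(object_id: str, properties: Iterable[str]) -> str:
    """Build the Microsoft Graph v1.0 URL that selects the given properties for one user.

    Extension attributes are not returned by default; they must be listed in $select.
    """
    return f"https://graph.microsoft.com/v1.0/users/{object_id}?$select={','.join(properties)}"


def read_user(graph_user: dict, extension_property: str) -> dict:
    """Extract the local-account email and the custom attribute from a Graph user object.

    Microsoft Graph exposes B2C sign-in names via 'identities'; the email sign-in
    name is the entry with signInType 'emailAddress'. A missing attribute yields None
    rather than raising, because Graph simply omits unset extension properties.
    """
    email: Optional[str] = next(
        (i.get("issuerAssignedId") for i in graph_user.get("identities", [])
         if i.get("signInType") == "emailAddress"),
        None,
    )
    return {"email": email, "organization": graph_user.get(extension_property)}


EXTENSION_ORGANIZATION = extension_attribute_name(B2C_EXTENSIONS_APP_ID, "extension_organization")

# Constructed sample Graph response (IDs and addresses are made up for the example).
SAMPLE_USER = {
    "id": "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
    "displayName": "unknown",
    "identities": [
        {"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com",
         "issuerAssignedId": "admin@example.com"},
        {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
         "issuerAssignedId": "3f2504e0-4f89-11d3-9a0c-0305e82c3301@contoso.onmicrosoft.com"},
    ],
    EXTENSION_ORGANIZATION: "Example Corp",
}

if __name__ == "__main__":
    print(graph_user_url(SAMPLE_USER["id"], ["id", "displayName", "identities", EXTENSION_ORGANIZATION]))
    print(read_user(SAMPLE_USER, EXTENSION_ORGANIZATION))
```

If the long property name is misspelled (for instance the prefix or the app ID is wrong), the attribute is simply not present in the response and `read_user` returns `None` for it, which matches the symptom in the question: nothing is visibly wrong, the data just never appears.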